CVE-2023-20166

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2:patch1:*:*:*:*:*:*

History

21 Nov 2024, 07:40

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.7
v2 : unknown
v3 : 6.0
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu - Vendor Advisory () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu - Vendor Advisory

26 May 2023, 14:42

Type Values Removed Values Added
CWE CWE-22
CPE cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2:patch1:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.7
References (CISCO) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu - (CISCO) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu - Vendor Advisory

18 May 2023, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-18 03:15

Updated : 2024-11-21 07:40


NVD link : CVE-2023-20166

Mitre link : CVE-2023-20166

CVE.ORG link : CVE-2023-20166


JSON object : View

Products Affected

cisco

  • identity_services_engine
CWE
CWE-24

Path Traversal: '../filedir'

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')